security keys in a wireless
communications security system] 



Background of Invention

1. Field of the Invention

The present invention relates to security count values in a wireless communications system. 
In particular, the present invention discloses a method for obtaining a security count value for a 
new channel that is established during a changing of a security key. 

2. Description of the Prior Art 

Please refer to Fig. 1. Fig. 1 is a simplified block diagram of a prior art wireless
communications system. The wireless communications system includes a first station 10 in
wireless communications with a second station 20. As an example, the first station 10 is a
mobile unit, such as a cellular telephone, and the second station 20 is a base station. The first
station 10 communicates with the second station 20 over a plurality of channels 12. The second
station 20 thus has corresponding channels 22, one for each of the channels 12. Each channel
12 has a receiving buffer 12r for holding protocol data units (PDUs) 11r received from the
corresponding channel 22 of the second station 20. Each channel 12 also has a transmitting
buffer 12t for holding PDUs 11t that are awaiting transmission to the corresponding channel 22
of the second station 20. A PDU 11t is transmitted by the first station 10 along a channel 12
and received by the second station 20 to generate a corresponding PDU 21r in the receiving
buffer 22r of the corresponding channel 22. Similarly, a PDU 21t is transmitted by the second
station 20 along a channel 22 and received by the first station 10 to generate a corresponding
PDU 11r in the receiving buffer 12r of the corresponding channel 12.

For the sake of consistency, the data structures of each PDU 11r, 11t, 21r and 21t along
corresponding channels 12 and 22 are identical. That is, a transmitted PDU 11t generates an
identical corresponding received PDU 21r, and vice versa. Furthermore, both the first station 10
and the second station 20 use identical PDU 11t, 21t data structures. Although the data
structure of each PDU 11r, 11t, 21r and 21t along corresponding channels 12 and 22 is
identical, different channels 12 and 22 may use different PDU data structures according to the
type of connection agreed upon along the corresponding channels 12 and 22. In general,
though, every PDU 11r, 11t, 21r and 21t will have a sequence number 5r, 5t, 6r, 6t. The
sequence number 5r, 5t, 6r, 6t is an m-bit number that is incremented for each PDU 11r, 11t,
21r, 21t. The magnitude of the sequence number 5r, 5t, 6r, 6t indicates the sequential ordering
of the PDU 11r, 11t, 21r, 21t in its buffer 12r, 12t, 22r, 22t. For example, a received PDU 11r
with a sequence number 5r of 108 is sequentially before a received PDU 11r with a sequence
number 5r of 109, and sequentially after a PDU 11r with a sequence number 5r of 107. The
sequence number 5t, 6t is often explicitly carried by the PDU 11t, 21t, but may also be
implicitly assigned by the station 10, 20. For example, in an acknowledged mode setup for
corresponding channels 12 and 22, each transmitted PDU 11t, successful reception of which
generates an identical corresponding PDU 21r, is confirmed as received by the second station
20. A 12-bit sequence number 5t is explicitly carried by each PDU 11t in acknowledged mode
transmissions. The second station 20 scans the sequence numbers 6r embedded within the
received PDUs 21r to determine the sequential ordering of the PDUs 21r, and to determine if
any PDUs 21r are missing. The second station 20 can then send a message to the first station
10 that indicates which PDUs 21r were received by using the sequence numbers 6r of each
received PDU 21r, or may request that a PDU 11t be re-transmitted by specifying the sequence
number 5t of the PDU 11t to be re-transmitted. Alternatively, in a so-called transparent
transmission mode, data is never confirmed as successfully received. The sequence numbers
5t, 6t are not explicitly carried in the PDUs 11t, 21t. Instead, the first station 10 simply
internally assigns a 7-bit sequence number 5t to each PDU 11t. Upon reception, the second
station 20 similarly assigns a 7-bit sequence number 6r to each PDU 21r. Ideally, the sequence
numbers 5t maintained by the first station 10 for the PDUs 11t are identical to the
corresponding sequence numbers 6r for the PDUs 21r that are maintained by the second
station 20.

[0006] 

Hyper-frame numbers (HFNs) are also maintained by the first station 10 and the second
station 20. Hyper-frame numbers may be thought of as high-order (i.e., most significant) bits
of the sequence numbers 5t, 6t, and which are never physically transmitted with the PDUs 11t,
21t. Exceptions to this rule occur in rare cases of special signaling PDUs 11t, 21t that are used
for synchronization. In these cases, the HFNs are not carried as part of the sequence number
11t, 21t, but instead are carried in fields of the data payload of the signaling PDU 11t, 21t, and
thus are more properly signaling data. As each transmitted PDU 11t, 21t generates a
corresponding received PDU 21r, 11r, hyper-frame numbers are also maintained for received
PDUs 11r, 21r. In this manner, each received PDU 11r, 21r, and each transmitted PDU 11t, 21t
is assigned a value that uses the sequence number (implicitly or explicitly assigned) 5r, 6r, and
5t, 6t as the least significant bits, and a corresponding hyper-frame number (always implicitly
assigned) as the most significant bits. Each channel 12 of the first station 10 thus has a
receiving hyper-frame number (HFN_R) 13r and a transmitting hyper-frame number (HFN_T)
13t. Similarly, the corresponding channel 22 on the second station 20 has a HFN_R 23r and a
HFN_T 23t. When the first station 10 detects rollover of the sequence numbers 5r of PDUs 11r in
the receiving buffer 12r, the first station 10 increments the HFN_R 13r. On rollover of sequence
numbers 5t of transmitted PDUs 11t, the first station 10 increments the HFN_T 13t. A similar
process occurs on the second station 20 for the HFN_R 23r and HFN_T 23t. The HFN_R 13r of the
first station 10 should thus be synchronized with (i.e., identical to) the HFN_T 23t of the second
station 20. Similarly, the HFN_T 13t of the first station 10 should be synchronized with (i.e.,
identical to) the HFN_R 23r of the second station 20.

[0007]

The PDUs 11t and 21t are not transmitted "out in the open". A security engine 14 on the
first station 10, and a corresponding security engine 24 on the second station 20, together
ensure secure and private exchanges of data exclusively between the first station 10 and the
second station 20. The security engine 14, 24 has two primary functions. The first is the
obfuscation (i.e., ciphering, or encryption) of data held within a PDU 11t, 21t so that the
corresponding PDU 11r, 21r presents a meaningless collection of random numbers to an
eavesdropper. The second function is to verify the integrity of data contained within the PDUs
11r, 21r. This is used to prevent another, improper, station from masquerading as either the
first station 10 or the second station 20. By verifying data integrity, the first station 10 can be
certain that a PDU 11r was, in fact, transmitted by the second station 20, and vice versa. For
transmitting a PDU 11t, the security engine 14 uses, amongst other inputs, an n-bit security
count 14c and a security key 14k to perform the ciphering functions upon the PDU 11t. To
properly decipher the corresponding PDU 21r, the security engine 24 must use an identical
security count 24c and security key 24k. Similarly, data integrity checking on the first station 10
uses an n-bit security count that must be synchronized with a corresponding security count on
the second station 20. As the data integrity security count is generated in a manner similar to
that for the ciphering security count 14c, 24c, and as ciphering is more frequently applied, the
ciphering security count 14c, 24c is considered in the following. The security keys 14k and 24k
remain constant across all PDUs 11t and 21t (and thus corresponding PDUs 21r and 11r), until
explicitly changed by both the first station 10 and the second station 20. Changing of the
security keys 14k, 24k is effected by a security mode command that involves handshaking
between the first station 10 and the second station 20 to ensure proper synchronization of the
security engines 14, 24. The security mode command is relatively infrequently performed, and
depends upon the value of the security count 14c. The security keys 14k, 24k are thus
relatively persistent. The security counts 14c and 24c, however, continuously change with each
PDU 11t and 21t. This constant changing of the security count 14c, 24c makes decrypting (and
spoofing) of PDUs 11t, 21t more difficult, as it reduces statistical consistency of inputs into the
security engine 14, 24. The security count 14c for a PDU 11t is generated by using the
sequence number 5t of the PDU 11t as the least significant bits of the security count 14c, and
the HFN_T 13t associated with the sequence number 5t as the most significant bits of the
security count 14c. Similarly, the security count 14c for a PDU 11r is generated from the
sequence number 5r of the PDU 11r and the HFN_R 13r of the PDU 11r. An identical process
occurs on the second station 20, in which the security count 24c is generated using the
sequence number 6r or 6t, and the appropriate HFN_R 23r or HFN_T 23t. The security count
14c, 24c has a fixed bit size, say 32 bits. As the sequence numbers 5r, 6r, 5t, 6t may vary in bit
size depending upon the transmission mode used, the hyper-frame numbers HFN_R 13r, HFN_R
23r, HFN_T 13t and HFN_T 23t must vary in bit size in a corresponding manner to yield the fixed
bit size of the security count 14c, 24c. For example, in a transparent transmission mode, the
sequence numbers 5r, 6r, 5t, 6t are all 7 bits in size. The hyper-frame numbers HFN_R 13r, HFN_R
23r, HFN_T 13t and HFN_T 23t are thus 25 bits in size; combining the two together yields a 32
bit security count 14c, 24c. On the other hand, in an acknowledged transmission mode, the
sequence numbers 5r, 6r, 5t, 6t are all 12 bits in size. The hyper-frame numbers HFN_R 13r,
HFN_R 23r, HFN_T 13t and HFN_T 23t are thus 20 bits in size so that combining the two
together continues to yield a 32 bit security count 14c, 24c.



Initially, there are no established channels 12 and 22 between the first station 10 and the
second station 20. The first station 10 thus establishes a channel 12 with the second station
20. To do this, the first station 10 must determine an initial value for the HFN_T 13t and HFN_R
13r. The first station 10 references a non-volatile memory 16, such as a flash memory device or
a SIM card, for a start value 16s, and uses the start value 16s to generate the initial value for
the HFN_T 13t and the HFN_R 13r. The start value 16s holds the x most significant bits (MSB_x)
of a hyper-frame number from a previous session along a channel 12. Ideally, x should be at
least as large as the bit size of the smallest-sized hyper-frame number (i.e., for the above
example, x should be at least 20 bits in size). The MSB_x of the HFN_T 13t and the HFN_R 13r
are set to the start value 16s, and the remaining low order bits are set to zero. The first station
10 then transmits the start value 16s to the second station 20 (by way of a special signaling
PDU 11t) for use as the HFN_R 23r and the HFN_T 23t. In this manner, the HFN_T 13t is
synchronized with the HFN_R 23r, and the HFN_T 23t is synchronized with the HFN_R 13r.

[0009] As noted, the first station 10 may establish a plurality of channels 12 with the second
station 20. Each of these channels 12 uses its own sequence numbers 5r and 5t, and hyper-frame
numbers 13r and 13t. When establishing a new channel 12, the first station 10 considers
the HFN_T 13t and HFN_R 13r of all currently established channels 12, selecting the HFN_T 13t
or HFN_R 13r having the highest value. The first station 10 then extracts the MSB_x of this
highest-valued hyper-frame number 13r, 13t, increments the MSB_x by one, and uses it as the
MSB_x for the new HFN_T 13t and HFN_R 13r for a newly established channel 12.
Synchronization is then performed between the first station 10 and the second station 20 to
provide the MSB_x to the second station 20 for the HFN_R 23r and HFN_T 23t. In this manner, a
constantly incrementing spacing is ensured between the security counts 14c of all established
channels 12.



[0010] 



It is noted that, for the sake of security, the security keys 14k and 24k should be changed
after a predetermined interval. This interval is, in part, determined by the security count 14c,
24c. When the security count 14c for an established channel 12 exceeds a predetermined
security cross-over value 14x, the second station 20 (i.e., the base station) may initiate the
security mode command to change the security keys 14k and 24k to new security keys 14n and
24n. Both of the security keys 14n and 24n are identical, and should not be the same as the
previous security keys 14k and 24k. Changing over to the new security keys 14n, 24n must be
carefully synchronized across all channels 12, 22 to ensure that transmitted PDUs 11t, 21t
are properly deciphered into received PDUs 21r, 11r. For example, if a PDU 11t is enciphered
using the security key 14k and the security engine 24 attempts to decipher the corresponding
received PDU 21r using the new security key 24n, the received PDU 21r will be deciphered into
meaningless data due to the lack of synchronization of the security keys 14k and 24n as
applied to the PDUs 11t and 21r. The security mode command is a somewhat complicated
process that takes a finite amount of time. Clearly, before the transmitting of the security mode
command by the second station 20, only the security key 14k, 24k is used for all channels 12,
22. Similarly, after the security mode command has been fully completed, only the new security
key 14n, 24n will be used for all channels 12, 22. However, during execution of the security
mode command, and the resulting hand-shaking between the two stations 10 and 20, there
could be confusion as to which security key 14k, 24k, or 14n, 24n should be used. To prevent
this from happening, the security mode command provides for a so-called activation time 17r,
27t for each channel 12, 22. The activation time 17r, 27t is simply a sequence number value 5r,
6t of PDUs 11r, 21t. When executing the security mode command, the second station 20
determines an activation time 27t for the transmitting buffer 22t of each channel 22. The
activation times 27t are not necessarily the same across all channels 22, and, in fact, will
generally be different. The security mode command sent by the second station 20 to the first
station 10 provides the activation times 27t to the first station 10, which the first station 10
then uses to generate an identical corresponding activation time 17r for the receiving buffer
12r of each channel 12. In response to the security mode command, the first station 10
determines an activation time 17t for the transmitting buffer 12t of each channel 12. The first
station 10 then sends a security mode complete message to the second station 20, which
contains the activation times 17t. The second station 20 uses the security mode complete
message to provide an activation time 27r to the receiving buffer 22r of each channel 22, which
is identical to the activation time 17t of the corresponding channel 12 on the first station 10.
The security mode command, and resultant final activation time 17t, are termed a security
mode reconfiguration. Using the first station 10 as an example, for all PDUs 11t that have
sequence numbers 5t that are prior to the activation time 17t for their channel 12, the PDUs 11t
are enciphered using the old security key 14k. For PDUs 11t which have sequence numbers 5t
that are sequentially at or after the activation time 17t, the new security key 14n is applied for
enciphering. When receiving the PDUs 11t, the second station 20 uses the sequence numbers 6r
and the activation time 27r to determine which key 24k or 24n to use for deciphering of the
PDUs 21r. A similar transmitting process also occurs on the second station 20, with each
channel 22 having the activation time 27t. The security mode command provides for
synchronization of the activation times 17r with 27t and 17t with 27r so that the second station
20 and first station 10 may know how to apply their respective security keys 24n, 24k and 14n,
14k to received PDUs 21r, 11r and transmitted PDUs 11t, 21t. In this manner, synchronization
is ensured between the security engines 14 and 24. To ensure that full use is obtained from the
new security key 14n, 24n, upon adoption of the new security key 14n, 24n by a channel 12, 22
(i.e., after the activation times 17r, 17t and 27r, 27t for the channels 12 and 22), the HFN_R 13r,
23r and the HFN_T 13t, 23t are cleared to zero, thus bringing the security count 14c, 24c for
the channel 12, 22 down to zero, or close to zero. For example, after a channel 12 exceeds its
activation time 17t, the HFN_T 13t for the channel 12 is set to zero. The corresponding security
count 14c for the transmitted PDUs 11t is thus brought close to zero. Similarly, upon receiving
a PDU 21r that exceeds the activation time 27r, the second station 20 clears the HFN_R 23r,
thus reducing the security count 24c for the received PDUs 21r.
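
The transmit-side behaviour described above, as an added Python example that is not part of the patent text: the security count is built from the hyper-frame number and the sequence number, the key switches at the activation time, and the hyper-frame number is cleared on adoption. The class, field and key names and the sample channel state are assumptions made for illustration, as is wrapping the hyper-frame number within its bit width.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

COUNT_BITS = 32  # fixed security count size used as the example on this page


@dataclass
class TxChannel:
    """Transmit side of one channel (hypothetical model, not the patent's code)."""
    sn_bits: int                        # 7 = transparent mode, 12 = acknowledged mode
    hfn: int = 0                        # transmitting hyper-frame number
    sn: int = 0                         # sequence number of the next PDU to send
    key: str = "old"                    # label of the key currently in use
    pending_key: Optional[str] = None   # key waiting for its activation time
    activation_sn: Optional[int] = None

    def security_count(self) -> int:
        # HFN supplies the most significant bits, SN the least significant bits.
        return (self.hfn << self.sn_bits) | self.sn

    def schedule_key_change(self, new_key: str, activation_sn: int) -> None:
        """Record the activation time (a sequence number) agreed for this channel."""
        if not 0 <= activation_sn < (1 << self.sn_bits):
            raise ValueError("activation time must be a valid sequence number")
        self.pending_key, self.activation_sn = new_key, activation_sn

    def next_pdu(self) -> Tuple[str, int]:
        """Return (key, security count) for the next PDU, then advance the state."""
        if self.pending_key is not None and self.sn == self.activation_sn:
            # At the activation time: adopt the new key and clear the HFN, so the
            # count restarts close to zero (only the SN bits remain).
            self.key, self.pending_key, self.activation_sn = self.pending_key, None, None
            self.hfn = 0
        result = (self.key, self.security_count())
        self.sn = (self.sn + 1) % (1 << self.sn_bits)
        if self.sn == 0:
            # SN rollover increments the HFN. Wrapping the HFN within its width is
            # an assumption; the key is meant to change long before that point.
            self.hfn = (self.hfn + 1) % (1 << (COUNT_BITS - self.sn_bits))
        return result


def demo() -> List[Tuple[str, int]]:
    """Constructed transparent-mode channel that crosses an SN rollover and then
    reaches an activation time of 2."""
    ch = TxChannel(sn_bits=7, hfn=0x1ABCDE, sn=125)
    ch.schedule_key_change("new", activation_sn=2)
    return [ch.next_pdu() for _ in range(6)]


if __name__ == "__main__":
    for key, count in demo():
        print(f"key={key:3s} security count=0x{count:08X}")
```
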



[0011] However, the establishment of a new channel 12 during the security mode reconfiguration
may lead to a problem that shortens the lifetime of the new security key 14n. When a new
channel 12 is being established during the security mode reconfiguration, it is possible that
there will be established channels 12 that are using the new security key 14n, and other
channels 12 that are still using the old security key 14k. Those channels 12 using the new
security key 14n will have hyper-frame numbers 13r, 13t that are zero, or close to zero.
However, those channels 12 still using the old security key 14k (because they have not yet
reached their respective activation times 13a) will have hyper-frame numbers 13r, 13t that are
quite high. When assigning the hyper-frame numbers 13r, 13t to the new channel 12, the first
station 10 scans all established channels 12, selects the highest hyper-frame number 13r, 13t,
increments this value by one and then assigns it to the hyper-frame numbers 13r and 13t for
the new channel 12. The new channel 12 will thus receive hyper-frame numbers 13r, 13t that
are much greater than zero, and which may possibly lead to the formation of a security count
14c for the new channel 12 that is very close to the security cross-over value 14x. This will
cause a considerable shortening of the lifetime of the new security key 14n.

Summary of Invention 

[0012] It is therefore a primary objective of this invention to provide a method for obtaining a

security count value for a new channel that is established during a changing of a security key. 

[0013] 

Briefly summarized, the preferred embodiment of the present invention discloses a method
for calculating an initial security count value for a new channel in a wireless communications
device. The wireless communications device has a first security key, a second security key, and
established channels. Each established channel has a corresponding security count value, and
utilizes a security key. At least one of the established channels utilizes the first security key.
The second security key is assigned to the new channel. A first set is then used to obtain a first
value. The first set has only security count values of all the established channels that utilize the
second key. The first value is at least as great as the x most significant bits (MSB_x) of the
greatest value in the first set. The MSB_x of the initial security count value for the new channel
is set equal to the first value. If the first set is empty, then the first value is set to zero.

[0014] It is an advantage of the present invention that by considering the security count values
associated with only those channels that use the second key, the new channel is prevented from
obtaining an excessively high security count value. The lifetimes of security keys are thus
prevented from being prematurely shortened.

[0015] These and other objectives of the present invention will no doubt become obvious to those
of ordinary skill in the art after reading the following detailed description of the preferred
embodiment, which is illustrated in the various figures and drawings.

Brief Description of Drawings

[0016] Fig. 1 is a simplified block diagram of a prior art wireless communications system.

[0017] Fig. 2 is a simplified block diagram of a wireless communications system according to the
present invention. 

Detailed Description 

[0018] In the following description, a station may be a mobile telephone, a handheld transceiver, a
base station, a personal data assistant (PDA), a computer, or any other device that requires a 
wireless exchange of data. It should be understood that many means may be used for the 
physical layer to effect wireless transmissions, and that any such means may be used for the 
system hereinafter disclosed. 

[0019] 

Please refer to Fig. 2. Fig. 2 is a simplified block diagram of a wireless communications
system 30 according to the present invention. The wireless communications system 30 is much
like that of the prior art, as it is the primary objective of the present invention to change the
method used for assigning an initial security count value 44c, 54c to a newly established
channel 42, 52. The wireless communications system 30 includes a first station 40 in wireless
communications with a second station 50 over a plurality of established channels 42. The first
station 40 may establish a channel 42 to effect communications with the second station 50. The
second station 50 establishes a corresponding channel 52 for the channel 42 of the first station
40. The first station 40 may also release an established channel 42, in which case the second
station 50 releases the corresponding channel 52. Each channel 42 has a receiving buffer 42r
and a transmitting buffer 42t. Similarly, on the second station 50, each channel 52 has a
receiving buffer 52r and a transmitting buffer 52t. The receiving buffer 42r is used to hold
protocol data units (PDUs) 41r received from the second station 50. The transmitting buffer 42t
is used to hold PDUs 41t awaiting transmission to the second station 50. A PDU 41t is
transmitted along its channel 42 to the second station 50, where it is received and placed into
the receiving buffer 52r of the corresponding channel 52. Similarly, a PDU 51t is transmitted
along its channel 52 to the first station 40, where it is received and placed into the receiving
buffer 42r of the corresponding channel 42. Each PDU 41r, 41t, 51r, 51t has an m-bit sequence
number (SN) 35r, 35t, 36r, 36t that indicates the sequential position of the PDU 41r, 41t, 51r,
51t within its respective buffer 42r, 42t, 52r, 52t. Sequentially later PDUs 41r, 41t, 51r, 51t
have sequentially higher sequence numbers 35r, 35t, 36r, 36t. As the sequence number 35r,
35t, 36r, 36t has a fixed bit size of m bits, the sequence number 35r, 35t, 36r, 36t will rollover
to zero when its value exceeds 2^m - 1. The receiving buffers 42r, 52r each have a respective
receiving hyper-frame number (HFN_R) 43r, 53r that is incremented by one upon detection of
such a rollover event of the sequence number 35r, 36r of received PDUs 41r, 51r. The HFN_R
43r, 53r associated with each received PDU 41r, 51r thus serves as high-order bits (most
significant bits) for the sequence number 35r, 36r of the received PDU 41r, 51r. Similarly, each
transmitting buffer 42t, 52t has a respective transmitting hyper-frame number (HFN_T) 43t,
53t that serves as the high-order, most significant bits of the sequence number 35t, 36t of
each transmitted PDU 41t, 51t. The hyper-frame numbers 43r, 43t, 53r, 53t are internally
maintained by the first station 40 and second station 50, and are explicitly transmitted only
during synchronization events. This is in contrast to the sequence numbers 35t, 36t, which are
typically carried by their respective PDUs 41t, 51t.

[0020] 

The first station 40 has a security engine 44 that is used to perform
enciphering/deciphering and data integrity checks of the PDUs 41r, 41t. Two of a multiple of
inputs into the security engine particularly include an n-bit security count 44c, and a first
security key 44k. A corresponding security engine 54 is provided on the second station 50,
which also uses an n-bit security count 54c and a first security key 54k. A PDU 41t is
enciphered by the security engine 44 using a distinct security count 44c, and the first key 44k.
To properly decipher the corresponding received PDU 52r, the security engine 54 must use a
security count 54c that is identical to the security count 44c, and the first security key 54k that
is identical to the first security key 44k. Integrity checking of PDUs 41r, 41t, 51r, 51t also
utilizes synchronized security counts, but as these integrity security counts are almost
invariably smaller than the ciphering security counts 44c, 54c, for purposes of the following
discussion it is the ciphering security counts 44c, 54c that are considered.

[0021] The first security keys 44k and 54k are changed whenever the security count 44c for any
established channel 42 exceeds a predetermined cross-over value 44x. A security mode
command is used to synchronize the security engines 44 and 54 from using the first security
key 44c, 54c to using a second, new security key 44n, 54n. The security count 44c, 54c
continuously changes with each PDU 41r, 41t, 51r, 51t along the channel 42, 52. The security
count 44c is generated for each PDU 41r, 41t by using the sequence number 35r, 35t of the
PDU 41r, 41t as the low-order (least significant) bits of the security count 44c, and the HFN_R
43r, HFN_T 43t, respectively associated with the PDU 41r, 41t, as the high-order bits of the
security count 44c. A corresponding process is used by the security engine 54 of the second
station 50. For a stream of transmitted PDUs 41t along an established channel 42, the security
count 44c associated with the channel 12 continuously increases with each PDU 41t. The same
is thus also true for streams of PDUs 51t transmitted by the second station 50. The range of
security count values 44c used by the various channels 42 may vary widely. Typically, all
channels 42 will use either the first security key 44k or the second security key 44n.

[0022] initially, the first station 40 has no established channels 42 with the second station 50. To 

establish a channel 42 with the second station 50, the first station 40 first extracts a start value 

46s from a non-volatile memory 46 of the first station 40, and uses this start value 46s to 

generate the HFN 43t and the HFN 43r for the channel 42 that is to be established. The 
T R 

non-volatile memory 46 is used to permanently store data for the first station 40, and may be 
an electrically erasable programmable read-only memory (EEPROM), a SIM card, or the like, so 
that the start value 46s is not lost when the first station 40 is turned off. Ideally, the bit size of 
the start value 46s should be equal to the bit size of the hyper-frame numbers 43t and 43r. In 
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this case, the HFN 43t and the HFN n 43r are simply set equal to the start value 46s. If, 
T R 

however, the start value 46s is x bits in size for m-bit hyper-frame number 43t, 43r, and x is 

less than m, then the start value 46s is used as the x most significant bits (MSB ) of the 

hyper-frame numbers 43t, 43r, and the remaining low-order bits of HFN 43t and HFN 43r 

T R 

are simply set to zero. After generating the hyper-frame numbers 43t and 43r by way of the 

start value 46s, the first station 40 transmits the start value 46s (or, alternatively, one of HFN ^ 

43t :or HFN 43r) to the second station 50 so that the second station 50 may set the HFN n 53r 
R R 

and the HFN 53t of the corresponding channel 52 equal to the initial value of the hyper-frame 

numbers 43t and 43r. In this manner, the HFN 43t is synchronized with the corresponding 

HFN 53r, and the HFN 43r is synchronized with the corresponding HFN 53t. As the start 
R R T 

value 46s is an x-bit sized number, and the HFN 43t is used as the most significant bits of 
the security count 44c for transmitted PDUs 41 1, the start value 46s effectively holds the MSB 
of the n-bit security count 44c, where n is equal to the sum of the bit size of the HFN 43t and 
the bit size of the sequence number 35t. This is also true for the security count 44c for received 



^ PDUs 41 r, as regards HFN 43r. A security key is also assigned to the newly established 

: ~ R 

13 channel 42, such as the first security key 44k, which is then used by the security engine 44 for 

j« ciphering and deciphering operations of the new channel 42 Many other channels 42 may be 

\Q established by the first station 40 (or in response to a channel 52 being established by the 

Jp second station 50) after an initial channel 42 has been established. When establishing a new 

p channel 42 when other channels 42 are already established, the first station 40 first assigns a 

security key to the new channel 42. The security key will typically be the security key that is 
already in use by all other established channels 42, such as the first security key 44k. However, 
due to a security mode command, the new channel 42 may be assigned a second security key, 
such as the new security key 44n, that is different from that of other established channels 42. 
By way of example, it is assumed in the following that the first station 40 assigns the new 
security key 44n to a new channel 42. The first station 40 must next assign hyper-frame 
numbers 43r and 43t to the new channel 42. To do this, the first station 40 parses all other 
established channels 42 that also use the new security key 44n (i.e., the same security key that 
is assigned to the new channel 42) at the time the new channel 42 is being established, and 
selects the greatest security count 44c from all of these channels 42. This greatest security 
count 44c may be formed from either a receiving hyper-frame number HFN 43r, or a
transmitting hyper-frame number HFN 43t, and is used to generate the hyper-frame numbers
43r, 43t of the new channel 42. For simplicity in the following discussion, it is assumed that the
hyper-frame numbers 43r, 43t of the new channel 42 are both x bits in size, and that the x
most significant bits (MSB_x) of this so-called greatest security count 44c are copied into a
temporary holding space as a first value 45. For example, if the hyper-frame numbers 43r, 43t
for the new channel 42 are 20 bits in size, then the MSB_20 of the greatest security count 44c
(associated with the new security key 44n) are used as the first value 45. The first value 45 is
then incremented if the first value 45 is less than 2^x - 1, so as to ensure that no rollover to
zero (i.e., over-flow) occurs. The first value 45 is then copied into the HFN 43r and the HFN
43t of the new channel 42. Note that if no other established channels 42 are using the new
security key 44n (i.e., the same security key that is being used by the new channel 42) at the
time that the new channel 42 is being established, then the hyper-frame values 43r and 43t for
the new channel 42 are simply set to zero. That is, the first value 45 is given a default value of
zero, which becomes the value for the hyper-frame numbers 43r and 43t. Alternatively, as zero
is sometimes used as a flag, another small value, such as one, may be used.

[0023] Note that the above is, in fact, setting the MSB_x of an initial value for the security counts
44c (one for the receiving buffer 42r, another for the transmitting buffer 42t) for the new
channel 42 according to the MSB_x of the security counts 44c of other established channels 42
that use the same security key 44n as is used by the new channel 42. In effect, a set 48 of
elements 48e is parsed. Each element 48e is a security count 44c for either a receiving buffer
42r or a transmitting buffer 42t of a channel 42 that uses the new security key 44n. Each and
every security count 44c that is associated with the new security key 44n is represented as an
element 48e in the set 48. Each channel 42 that uses the new security key 44n thus provides
two elements 48e to the set 48. The MSB_x of the largest element 48e in this set 48 are then
extracted, incremented, and used as the MSB for the security counts 44c for the receiving 
buffer 42r and transmitting buffer 42t of the new channel 42, by way of the hyper-frame 
numbers 43r and 43t of the new channel 42. 

[0024] The present invention method is particularly important for the determination of the
hyper-frame numbers 43r, 43t of a new channel 42 that is established just after, or during, a security
mode reconfiguration. Initially, a plurality of channels 42 are established, each using the first 
security key 44k. A security mode command is performed some time later, which culminates in 
a receiving activation time 49r for each receiving buffer 42r, and a transmitting activation time 
49t for each transmitting buffer 42t. After reception of the security mode command, when the 
sequence numbers 35r, 35t of PDUs 41r, 41t exceed their respective buffer 42r, 42t activation
times 49r, 49t, the respective hyper-frame number 43r, 43t is cleared to zero, and the second,
new security key 44n is then applied to the PDUs 41r, 41t. As an example, consider a stream of
PDUs 41t in a transmitting buffer 42t having sequence numbers 35t ranging from 18 to 35.
Further assume that this transmitting buffer 42t has an HFN 43t of 168, and an activation
time 49t of 30. After reception of the security mode command, the PDUs 41t with sequence
numbers 35t from 18 to 29 are transmitted using the first security key 44k, and security counts
44c with most significant bits (MSBs) given by the HFN value 43t of 168. PDUs 41t with
sequence numbers 35t from 30 to 35, however, are transmitted using the second security key
44n, and security counts 44c with most significant bits (MSBs) given by a new HFN value 43t
of zero. When establishing a new channel 42, the second, new security key 44n is assigned to
this new channel 42. The first station 40 then considers every buffer 42r, 42t that has reached
or exceeded its respective activation time 49r, 49t, and is thus using the new security key 44n
at the time that the new channel 42 is being established. The largest security count 44c of such
buffers 42r, 42t is then used in the manner previously described to generate the hyper-frame
numbers 43r, 43t for the new channel 42. Again, if no such buffers 42r, 42t exist, then the
hyper-frame numbers 43r, 43t for the new channel 42 are simply set to a default value, such as
zero. Note that no security count values 44c are considered for buffers 42r, 42t that have not
reached or exceeded their respective activation times 49r, 49t, and which thus continue to use
the first security key 44k. Because of this, the present invention avoids entangling hyper-frame
numbers 43r, 43t that properly associate with the first security key 44k when assigning values
to hyper-frame numbers 43r, 43t that associate with the second, new security key 44n. In this
manner, the lifetime of the new security key 44n is not prematurely shortened due to an initial
assignment of unduly high hyper-frame numbers 43r, 43t. As before, the above description of
the present invention method may be thought of as the parsing of a set 48 that contains all
security count values 44c (as elements 48e) that are associated with the second, new key 44n at
the time that the new channel 42 is initiated for establishment. The MSB_x of the largest-valued
element 48e in this set 48 are extracted, incremented, and used for the x-bit hyper-frame
numbers 43r, 43t of the new channel 42, thus providing the MSB_x for the initial values of the
security counts 44c of the new channel 42.
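
The hyper-frame number selection described above, written out in C as an added example (not code from the patent). The 32-bit count width, the struct layout, the key identifiers and all names are assumptions; the sample buffers are constructed from the HFN 168 / activation time 30 example in the text.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define COUNT_BITS 32u   /* assumed width n of a security count: HFN bits + SN bits */
enum { KEY_OLD = 1, KEY_NEW = 2 };   /* hypothetical key identifiers */
struct sec_buffer {      /* one receiving or transmitting buffer (hypothetical layout) */
    uint32_t hfn;        /* hyper-frame number: MSBs of the security count */
    uint32_t sn;         /* current sequence number: LSBs of the security count */
    unsigned sn_bits;    /* bit size of the sequence number, 1..31 */
    int      key_id;     /* key this buffer is using right now */
};
/* Constructed sample: the tx buffer has passed its activation time (HFN cleared,
 * new key); the rx buffer of the same channel has not and still uses the old key. */
const struct sec_buffer sample_buffers[] = {
    { 0,   35, 12, KEY_NEW },
    { 168, 20, 12, KEY_OLD },
};

static uint32_t security_count(const struct sec_buffer *b)
{
    return (b->hfn << b->sn_bits) | (b->sn & ((1u << b->sn_bits) - 1u));
}

/* Initial x-bit HFN (1 <= x <= 32) for both buffers of a new channel using key_id. */
uint32_t new_channel_hfn(const struct sec_buffer *bufs, size_t n,
                         int key_id, unsigned x, uint32_t default_hfn)
{
    uint32_t greatest = 0;
    int found = 0;
    for (size_t i = 0; i < n; i++) {
        if (bufs[i].key_id != key_id) continue;  /* other key: not in the set */
        uint32_t c = security_count(&bufs[i]);
        if (!found || c > greatest)
            greatest = c;
        found = 1;
    }
    if (!found) return default_hfn;              /* no buffer uses this key yet */
    uint32_t first = greatest >> (COUNT_BITS - x);     /* MSB_x of the greatest count */
    uint32_t max_hfn = (x == 32u) ? UINT32_MAX : (1u << x) - 1u;
    return first < max_hfn ? first + 1u : first;       /* never roll over to zero */
}

int main(void)
{
    printf("new key: %u\n", (unsigned)new_channel_hfn(sample_buffers, 2, KEY_NEW, 20, 0));
    printf("old key: %u\n", (unsigned)new_channel_hfn(sample_buffers, 2, KEY_OLD, 20, 0));
    return 0;
}
```

With the old-key buffer excluded from the set, the new channel starts at HFN 1; had that buffer's count been included, the result would have been 169.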

[0025] In contrast to the prior art, the present invention only considers security count values
associated with a second security key when assigning an initial security count value to a new
channel that uses the second security key. Security count values associated with the first
security key thus do not influence the calculation of the new security count value for the new
channel, and so do not lead to a prematurely shortened lifetime for the second security key.

[0026] Those skilled in the art will readily observe that numerous modifications and alterations of 
the device may be made while retaining the teachings of the invention. Accordingly, the above 
disclosure should be construed as limited only by the metes and bounds of the appended 
claims. 